1. 首頁
  2. 問答
  3. LinkedIn API返回'未經授權'回覆(PHP OAuth)

LinkedIn API返回'未經授權'回覆(PHP OAuth)

2010-06-12 153 views
2

我一直在爲這幾天苦苦掙扎。我有一個測試應用,通過OAuth連接LinkedIn。我希望能夠更新用戶的狀態,但目前我無法與LinkedIn的API進行交互。LinkedIn API返回'未經授權'回覆(PHP OAuth)

我能順利拿到requestToken,那麼的accessToken,但是當我發給該API的請求,我看到一個「未經授權」的錯誤,看起來是這樣的:

object(OAuthException)#2 (8) { 
["message:protected"]=> string(73) "Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)" 
["string:private"]=> string(0) "" 
["code:protected"]=> int(401) 
["file:protected"]=> string(47) "/home/pmfeorg/public_html/dev/test/linkedin.php" 
["line:protected"]=> int(48) 
["trace:private"]=> array(1) { 
    [0]=> array(6) { 
    ["file"]=> string(47) "/home/pmfeorg/public_html/dev/test/linkedin.php" 
    ["line"]=> int(48) 
    ["function"]=> string(5) "fetch" 
    ["class"]=> string(5) "OAuth" 
    ["type"]=> string(2) "->" 
    ["args"]=> array(2) { 
    [0]=> string(35) "http://api.linkedin.com/v1/people/~" 
    [1]=> string(3) "GET" 
    } 
    } 
} 
["lastResponse"]=> string(358) " 401 1276375790558 0000 [unauthorized]. OAU:Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy|48032b2d-bc8c-4744-bb84-4eab53578c11|*01|*01:1276375790:xmc3lWhXJvLSUZh4dxMtrf55VVQ= " 
["debugInfo"]=> array(5) { 
["sbs"]=> string(329) "GET&http%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~&oauth_consumer_key%3DBhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy%26oauth_nonce%3D7068001084c13f2ee6a2117.22312548%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1276375790%26oauth_token%3D48032b2d-bc8c-4744-bb84-4eab53578c11%26oauth_version%3D1.0" 
["headers_sent"]=> string(401) "GET /v1/people/~?GET&oauth_consumer_key=Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy&oauth_signature_method=HMAC-SHA1&oauth_nonce=7068001084c13f2ee6a2117.22312548&oauth_timestamp=1276375790&oauth_version=1.0&oauth_token=48032b2d-bc8c-4744-bb84-4eab53578c11&oauth_signature=xmc3lWhXJvLSUZh4dxMtrf55VVQ%3D HTTP/1.1 User-Agent: PECL-OAuth/1.0-dev Host: api.linkedin.com Accept: */*" 
["headers_recv"]=> string(148) "HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 Date: Sat, 12 Jun 2010 20:49:50 GMT Content-Type: text/xml;charset=UTF-8 Content-Length: 358" 
["body_recv"]=> string(358) " 401 1276375790558 0000 [unauthorized]. OAU:Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy|48032b2d-bc8c-4744-bb84-4eab53578c11|*01|*01:1276375790:xmc3lWhXJvLSUZh4dxMtrf55VVQ= " 
["info"]=> string(216) "About to connect() to api.linkedin.com port 80 (#0) Trying 64.74.98.83... connected Connected to api.linkedin.com (64.74.98.83) port 80 (#0) Connection #0 to host api.linkedin.com left intact Closing connection #0 " 
} 
}

我的代碼如下像這樣的(基於php.net的FireEagle爲例):

$req_url = 'https://api.linkedin.com/uas/oauth/requestToken'; 
$authurl = 'https://www.linkedin.com/uas/oauth/authenticate'; 
$acc_url = 'https://api.linkedin.com/uas/oauth/accessToken'; 
$api_url = 'http://api.linkedin.com/v1/people/~'; 
$callback = 'http://www.pmfe.org/dev/test/linkedin.php'; 
$conskey = 'Bhgk3fB4cs9t4oatSdv538tD2X68-1OTCBg-KKL3pFBnGgOEhJZhFOf1n9KtHMMy'; 
$conssec = '####################SECRET KEY#####################'; 

session_start(); 

try { 
    $oauth = new OAuth($conskey,$conssec,OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI); 
    $oauth->enableDebug(); 

    if(!isset($_GET['oauth_token'])) { 
    $request_token_info = $oauth->getRequestToken($req_url); 
    $_SESSION['secret'] = $request_token_info['oauth_token_secret']; 
    header('Location: '.$authurl.'?oauth_token='.$request_token_info['oauth_token']); 
    exit; 
    } else { 
    $oauth->setToken($_GET['oauth_token'],$_SESSION['secret']); 
    $access_token_info = $oauth->getAccessToken($acc_url); 
    $_SESSION['token'] = $access_token_info['oauth_token']; 
    $_SESSION['secret'] = $access_token_info['oauth_token_secret']; 
    } 
    $oauth->setToken($_SESSION['token'],$_SESSION['secret']); 
$oauth->fetch($api_url, OAUTH_HTTP_METHOD_GET); 

$response = $oauth->getLastResponse(); 
} catch(OAuthException $E) { 
    var_dump($E); 
}

我已經成功地建立了以Twitter和一個使用OAuth連接至Facebook,但LinkedIn一直躲避我。如果任何人能夠提出一些建議或指引我朝着正確的方向發展,我將會非常感激!

來源

2010-06-12 Jim Greenleaf

回答

0

除非LinkedIn對HTTP狀態代碼有一個完全無知的看法,否則401意味着它期待WWW-Authenticate標題(即:base64格式的用戶名/密碼)並且沒有得到它,所以它拒絕訪問。可能你必須做OAuth::setAuthType()

來源

2010-06-13 05:29:16

1

嗯,我找到了問題的根源,但現在有一個新的問題:

我原來的問題是錯誤的 - 我沒有得到一個的accessToken可言。問題是我沒有在getAccessToken調用期間傳遞校驗碼(在requestToken步驟中獲得)。

因此,而不是這個......

$access_token_info = $oauth->getAccessToken($acc_url);

...我需要做到這一點...

$_SESSION['verifier'] = $_GET['oauth_verifier']; 
$access_token_info = $oauth->getAccessToken($acc_url, $_SESSION['verifier'], $_SESSION['verifier']);

我希望這個信息可以幫助別人了。這是我第一次使用OAuth,但似乎LinkedIn有一個非常嚴格的實施。

無論如何,現在我需要弄清楚爲什麼LI在我嘗試更新狀態時返回401 ...我已經授權應用程序,並且可以將數據拉下來,但無法設置任何數據。也許在某些地方LI的設置中隱藏了額外的權限?

來源

2010-06-14 03:33:09

+0

LinkedIn在響應正文中發送401的原因。它說什麼? – 2010-06-14 17:54:21

+0

與以前相同的響應:認證/錯誤請求無效(獲得401,期望的HTTP/1.1 20X或重定向) – 2010-06-21 14:26:05

相關問題

 相關問題